Announcement

Collapse
No announcement yet.

Potential Phishing Vector

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • IB Adrian
    started a topic Potential Phishing Vector

    Potential Phishing Vector

    We have been recently advised of an indirect, low risk phishing vector that could allow a malicious user to restructure vBulletin URL(s) in a fairly obvious attempt to trick an unsuspecting user into inputting their user account information on a site other than the original destination.

    It has been identified this as a low-priority phishing vector in all versions of vBulletin, including vBulletin 3 and 4. At this time we believe that the risk to our customers is indirect and at best minimal . Accordingly, no patch is currently available or required for any and all versions of vBulletin software related to this report.

    Generic example of the Phishing Attempt:
    • User can post a fake thread inviting others to reset their passwords using the provided link
    • User edits the link to append an incorrect “last location” to url therefore redirecting traffic outside the site after the form successfully/correctly submits on the original site.
    • For example: http://www.vbulletin.com/forum/login...www.google.com
    • Instead of Google.com in this example the user would go to a fake site where they could potentially be tricked into submitting real information.

    This vector was reported by:

    Robert Gilbert
    HALOCK Security Labs
    http://blog.halock.com

Related Topics

Collapse

Working...
X